} } if ($config['l2tp']['mode'] == "server") { if (have_ruleint_access("l2tp")) { $iflist['l2tp'] = gettext("L2TP VPN"); } } if (is_array($config['pppoes']['pppoe'])) { foreach ($config['pppoes']['pppoe'] as $pppoes) { if ($pppoes['mode'] == 'server' && have_ruleint_access("pppoe")) { $iflist['pppoe'] = gettext("PPPoE Server"); } } } /* add ipsec interfaces */ if (ipsec_enabled() && have_ruleint_access("enc0")) { $iflist["enc0"] = gettext("IPsec"); } /* add openvpn/tun interfaces */ if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) { $iflist["openvpn"] = gettext("OpenVPN"); } if (!$if || !isset($iflist[$if])) { if ("any" == $if) { $if = "FloatingRules"; } else { if ("FloatingRules" != $if) { if (isset($iflist['wan'])) { $if = "wan"; } else { $if = "FloatingRules";
require_once "ipsec.inc";
require_once "functions.inc";

// Traffic-graphs widget settings: make sure the config subtree exists, then
// copy submitted form values into it. This excerpt stops inside the
// if ($_POST) block, so its closing brace and whatever persists the settings
// are not visible here.
$first_time = false;
if (!is_array($config["widgets"]["trafficgraphs"])) {
    // No saved settings for this widget yet: record that and start empty.
    $first_time = true;
    $config["widgets"]["trafficgraphs"] = array();
}
// Bound by reference, so every write to $a_config below lands in $config.
$a_config =& $config["widgets"]["trafficgraphs"];

if (!is_array($a_config["shown"])) {
    $a_config["shown"] = array();
}
if (!is_array($a_config["shown"]["item"])) {
    $a_config["shown"]["item"] = array();
}

// Interfaces the widget can display, plus the IPsec pseudo-interface (enc0)
// when IPsec is enabled.
$ifdescrs = get_configured_interface_with_descr();
if (ipsec_enabled()) {
    $ifdescrs['enc0'] = "IPsec";
}

if ($_POST) {
    // refreshinterval is stored only when is_numericint() accepts it.
    if (isset($_POST["refreshinterval"]) && is_numericint($_POST["refreshinterval"])) {
        $a_config["refreshinterval"] = $_POST["refreshinterval"];
    }
    // NOTE(review): scale_type is copied into the config exactly as submitted;
    // no allow-list or type check is visible in this excerpt, unlike
    // refreshinterval above. If the value is later echoed into HTML or script
    // it needs to be restricted to the expected values here or escaped at
    // output -- confirm against the code that renders it.
    if (isset($_POST["scale_type"])) {
        $a_config["scale_type"] = $_POST["scale_type"];
    }
    // The shown list is rebuilt from the known interface names in $ifdescrs,
    // so only those names can be stored; the request just selects among them.
    $a_config["shown"]["item"] = array();
    foreach ($ifdescrs as $ifname => $ifdescr) {
        // NOTE(review): $_POST["shown"] is read without an isset()/is_array()
        // guard, so a request that omits it or sends a scalar reaches
        // in_array() with a non-array haystack. The comparison is also the
        // loose default; passing true as the third argument would make it strict.
        if (in_array($ifname, $_POST["shown"])) {
            $a_config["shown"]["item"][] = $ifname;
        }
    }
/**
 * Collect the interfaces to offer, keyed by interface name with a display
 * label as the value.
 *
 * Interface groups, configured interfaces, L2TP, PPPoE and IPsec (enc0) are
 * added only when have_ruleint_access() accepts their name.
 *
 * NOTE(review): the OpenVPN entry is the one entry added without a
 * have_ruleint_access() call. If that function is the per-interface privilege
 * check it appears to be, confirm whether leaving OpenVPN ungated is intended.
 *
 * @return array interface name => label
 */
function build_if_list() {
    global $config;

    $visible = array();

    // Interface groups are listed under their own name.
    if (is_array($config['ifgroups']['ifgroupentry'])) {
        foreach ($config['ifgroups']['ifgroupentry'] as $group) {
            if (!have_ruleint_access($group['ifname'])) {
                continue;
            }
            $visible[$group['ifname']] = $group['ifname'];
        }
    }

    // Configured interfaces keep the description supplied with them.
    foreach (get_configured_interface_with_descr() as $name => $label) {
        if (!have_ruleint_access($name)) {
            continue;
        }
        $visible[$name] = $label;
    }

    // Pseudo-interfaces for the VPN/PPP servers: each needs the service to be
    // active and the access check to pass.
    if ($config['l2tp']['mode'] == "server") {
        if (have_ruleint_access("l2tp")) {
            $visible['l2tp'] = gettext('L2TP VPN');
        }
    }

    if (is_pppoe_server_enabled()) {
        if (have_ruleint_access("pppoe")) {
            $visible['pppoe'] = gettext("PPPoE Server");
        }
    }

    if (ipsec_enabled()) {
        if (have_ruleint_access("enc0")) {
            $visible["enc0"] = gettext("IPsec");
        }
    }

    // OpenVPN is listed as soon as a server or a client is configured.
    $has_openvpn = $config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"];
    if ($has_openvpn) {
        $visible["openvpn"] = gettext("OpenVPN");
    }

    return $visible;
}
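/**
 * Build the interface list, keyed by interface name with a display label as
 * the value.
 *
 * Entries from $ifdisp, L2TP, PPPoE and IPsec (enc0) are added only when
 * have_ruleint_access() accepts their name.
 *
 * NOTE(review): the OpenVPN entry is added without a have_ruleint_access()
 * call; confirm whether that is intended.
 * NOTE(review): the PPPoE test reads $config['pppoe']['mode']; confirm that
 * this is still where the PPPoE server mode is stored.
 *
 * @return array interface name => label (empty array when nothing qualifies)
 */
function build_if_list() {
    // $config has to be imported as well: without it the L2TP, PPPoE and
    // OpenVPN tests below read an undefined local variable and never match.
    global $config, $ifdisp;

    // Always hand back an array, even when no interface qualifies.
    $interfaces = array();

    if (is_array($ifdisp)) {
        foreach ($ifdisp as $if => $ifdesc) {
            if (have_ruleint_access($if)) {
                $interfaces[$if] = $ifdesc;
            }
        }
    }

    // isset() guards keep an absent config section from raising notices.
    if (isset($config['l2tp']['mode']) && $config['l2tp']['mode'] == "server") {
        if (have_ruleint_access("l2tp")) {
            $interfaces['l2tp'] = "L2TP VPN";
        }
    }

    if (isset($config['pppoe']['mode']) && $config['pppoe']['mode'] == "server") {
        if (have_ruleint_access("pppoe")) {
            $interfaces['pppoe'] = "PPPoE Server";
        }
    }

    /* add ipsec interfaces */
    if (ipsec_enabled() && have_ruleint_access("enc0")) {
        $interfaces["enc0"] = "IPsec";
    }

    /* add openvpn/tun interfaces */
    if (!empty($config['openvpn']["openvpn-server"]) || !empty($config['openvpn']["openvpn-client"])) {
        $interfaces["openvpn"] = "OpenVPN";
    }

    return $interfaces;
}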
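/**
 * Build the interface list, keyed by interface name with a display label as
 * the value.
 *
 * NOTE(review): only the PPPoE entry is gated by have_ruleint_access() here;
 * the configured interfaces, L2TP, IPsec and OpenVPN are added without it.
 * Confirm whether this list is meant to be filtered per user.
 *
 * @return array interface name => label (empty array when nothing qualifies)
 */
function build_if_list() {
    // $config has to be imported: without it the L2TP and OpenVPN tests below
    // read an undefined local variable and never match.
    global $config;

    $iflist = get_configured_interface_with_descr(false, true);

    // Allow extending of the firewall edit interfaces.
    // NOTE(review): this presumably runs whatever code is installed under the
    // given path; that directory should be writable by the administrator only.
    pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_interfaces_edit");

    // Always hand back an array, even when no interface is configured.
    $interfaces = array();
    if (is_array($iflist)) {
        foreach ($iflist as $if => $ifdesc) {
            $interfaces[$if] = $ifdesc;
        }
    }

    // isset() guards keep an absent config section from raising notices.
    if (isset($config['l2tp']['mode']) && $config['l2tp']['mode'] == "server") {
        $interfaces['l2tp'] = "L2TP VPN";
    }

    if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
        $interfaces['pppoe'] = "PPPoE Server";
    }

    /* add ipsec interfaces */
    if (ipsec_enabled()) {
        $interfaces["enc0"] = "IPsec";
    }

    /* add openvpn/tun interfaces */
    if (!empty($config['openvpn']["openvpn-server"]) || !empty($config['openvpn']["openvpn-client"])) {
        $interfaces["openvpn"] = "OpenVPN";
    }

    return $interfaces;
}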
/**
 * XMLRPC handler that merges configuration sections pushed by a sync peer
 * into the local $config, writes the result, and re-applies only the virtual
 * IPs that changed.
 *
 * Nothing from the request is applied until xmlrpc_auth() has accepted it.
 * Once it has, every section named in $whole_sections (firewall filter, NAT,
 * certificates, CAs, IPsec, OpenVPN, ...) is replaced wholesale by the peer's
 * copy, so the credential checked there gates a rewrite of those sections.
 *
 * @param mixed $raw_params raw XMLRPC parameters, converted with
 *                          xmlrpc_params_to_php()
 *
 * @return mixed nothing when a sync loop is detected,
 *               $xmlrpc_g['return']['authfail'] when authentication fails,
 *               $xmlrpc_g['return']['true'] otherwise
 */
function restore_config_section_xmlrpc($raw_params) {
    global $config, $xmlrpc_g;

    // Sampled before any change so an IPsec enable/disable flip can be
    // detected at the end.
    $old_ipsec_enabled = ipsec_enabled();

    if (xmlrpc_loop_detect()) {
        log_error("Disallowing CARP sync loop");
        return;
    }

    $params = xmlrpc_params_to_php($raw_params);
    if (!xmlrpc_auth($params)) {
        xmlrpc_authfail();
        return $xmlrpc_g['return']['authfail'];
    }

    // Make sure the secondary never ends up with dnsmasq and unbound enabled
    // at the same time: whichever one the peer enables wins.
    if (isset($params[0]['unbound']['enable']) && isset($config['dnsmasq']['enable'])) {
        unset($config['dnsmasq']['enable']);
        services_dnsmasq_configure();
    } elseif (isset($params[0]['dnsmasq']['enable']) && isset($config['unbound']['enable'])) {
        unset($config['unbound']['enable']);
        services_unbound_configure();
    }

    // These sections are copied rather than merged; merging could never sync
    // the deletion of the last item in a section.
    $whole_sections = array('dnsmasq', 'unbound', 'ipsec', 'aliases', 'wol', 'load_balancer', 'openvpn', 'cert', 'ca', 'crl', 'schedules', 'filter', 'nat', 'dhcpd', 'dhcpv6');
    $copied_sections = array();
    foreach ($whole_sections as $section) {
        if (!isset($params[0][$section])) {
            continue;
        }
        $config[$section] = $params[0][$section];
        unset($params[0][$section]);
        $copied_sections[] = $section;
    }

    // Snapshot the local VIPs before the merge. $oldvips holds a signature per
    // CARP VIP and per stacked IP alias so unchanged ones can be skipped
    // later; $vipbackup holds local entries to put back after the merge.
    $vipbackup = array();
    $oldvips = array();
    if (isset($params[0]['virtualip']) && is_array($config['virtualip']['vip'])) {
        foreach ($config['virtualip']['vip'] as $vip) {
            // NOTE(review): strpos() is used as a boolean in the two tests
            // below and returns 0 when the interface name begins with "lo0",
            // which PHP treats as false. Confirm whether such names are meant
            // to match before changing it: the branch taken decides whether
            // the VIP is tracked in $oldvips or kept via $vipbackup.
            if ($vip['mode'] == "carp") {
                $carpkey = $vip['interface'] . "_vip" . $vip['vhid'];
                $oldvips[$carpkey]['content'] = $vip['password'] . $vip['advskew'] . $vip['subnet'] . $vip['subnet_bits'] . $vip['advbase'];
                $oldvips[$carpkey]['interface'] = $vip['interface'];
                $oldvips[$carpkey]['subnet'] = $vip['subnet'];
            } elseif ($vip['mode'] == "ipalias" && (substr($vip['interface'], 0, 4) == '_vip' || strpos($vip['interface'], "lo0"))) {
                $aliaskey = $vip['subnet'];
                $oldvips[$aliaskey]['content'] = $vip['interface'] . $vip['subnet'] . $vip['subnet_bits'];
                $oldvips[$aliaskey]['interface'] = $vip['interface'];
                $oldvips[$aliaskey]['subnet'] = $vip['subnet'];
            } elseif ((($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && substr($vip['interface'], 0, 4) != '_vip') || strpos($vip['interface'], "lo0")) {
                // The outer parentheses only spell out how PHP already groups
                // this test (&& binds tighter than ||): the lo0 check applies
                // whatever the mode is.
                $vipbackup[] = $vip;
            }
        }
    }

    // For the vip section, first keep the items sent from the master ...
    $config = array_merge_recursive_unique($config, $params[0]);

    // ... then put back the ipalias and proxyarp entries that were defined
    // locally on the backup.
    if (!empty($vipbackup)) {
        if (!is_array($config['virtualip'])) {
            $config['virtualip'] = array();
        }
        if (!is_array($config['virtualip']['vip'])) {
            $config['virtualip']['vip'] = array();
        }
        foreach ($vipbackup as $kept) {
            array_unshift($config['virtualip']['vip'], $kept);
        }
    }

    // Record which sections were touched. Only section names go into the
    // message, never their contents.
    $mergedkeys = implode(",", array_merge(array_keys($params[0]), $copied_sections));
    write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys));

    // Re-apply the VIPs. The original comment describes this as a copy of
    // interfaces_vips_configure, with the addition that CARP VIPs and stacked
    // aliases that did not change are left alone.
    if (isset($params[0]['virtualip']) && is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
        $carp_setuped = false;
        $anyproxyarp = false;

        foreach ($config['virtualip']['vip'] as $vip) {
            if ($vip['mode'] == "carp" && isset($oldvips[$vip['interface'] . "_vip" . $vip['vhid']])) {
                $carpkey = $vip['interface'] . "_vip" . $vip['vhid'];
                $signature = $vip['password'] . $vip['advskew'] . $vip['subnet'] . $vip['subnet_bits'] . $vip['advbase'];
                if ($oldvips[$carpkey]['content'] == $signature && does_vip_exist($vip)) {
                    // Nothing changed for this VIP: drop it from the cleanup
                    // list and leave it running.
                    unset($oldvips[$carpkey]);
                    continue;
                }
            } elseif ($vip['mode'] == "ipalias" && strstr($vip['interface'], "_vip") && isset($oldvips[$vip['subnet']])) {
                $aliaskey = $vip['subnet'];
                $signature = $vip['interface'] . $vip['subnet'] . $vip['subnet_bits'];
                if ($oldvips[$aliaskey]['content'] == $signature && does_vip_exist($vip)) {
                    // Nothing changed for this alias either.
                    unset($oldvips[$aliaskey]);
                    continue;
                }
                // Changed alias: it is reconfigured below, so it must not be
                // removed by the cleanup pass.
                unset($oldvips[$aliaskey]);
            }

            switch ($vip['mode']) {
                case "proxyarp":
                    $anyproxyarp = true;
                    break;
                case "ipalias":
                    interface_ipalias_configure($vip);
                    break;
                case "carp":
                    $carp_setuped = true;
                    interface_carp_configure($vip);
                    break;
            }
        }

        // Whatever is still in $oldvips is removed from its interface.
        foreach ($oldvips as $stale) {
            $realif = get_real_interface($stale['interface']);
            if (empty($realif)) {
                continue;
            }
            if (is_ipaddrv6($stale['subnet'])) {
                // Both values end up on a shell command line, hence the
                // escapeshellarg() on each.
                mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " inet6 " . escapeshellarg($stale['subnet']) . " delete");
            } else {
                pfSense_interface_deladdress($realif, $stale['subnet']);
            }
        }

        if ($carp_setuped) {
            interfaces_sync_setup();
        }
        if ($anyproxyarp) {
            interface_proxyarp_configure();
        }
    }

    // Reconfigure IPsec only when the merge flipped its enabled state.
    if ($old_ipsec_enabled !== ipsec_enabled()) {
        vpn_ipsec_configure();
    }

    return $xmlrpc_g['return']['true'];
}
/**
 * Restore the given config sections into the local config.
 *
 * Sections named in $sync_full_sections replace the local copy outright,
 * every other section is merged, the result is written with write_config(),
 * and virtual IPs are then re-applied, skipping those that did not change.
 *
 * NOTE(review): the result of $this->auth() is not inspected here, so this
 * method depends on auth() stopping execution itself (for example by
 * throwing) when the credentials are wrong -- confirm in the class. If it
 * only returned false, everything below would run unauthenticated, including
 * the wholesale replacement of the filter, nat, cert and ca sections.
 *
 * @param string $username
 * @param string $password
 * @param array $sections Sections to restore, keyed by section name
 *
 * @return bool Always true, including when a sync loop is detected and
 *              nothing is applied
 */
public function restore_config_section($username, $password, $sections) {
    $this->auth($username, $password);

    global $config;

    // NOTE(review): $old_config is only assigned here and unset at the end;
    // nothing in this method reads it.
    $old_config = $config;
    // Sampled before any change so an IPsec enable/disable flip can be
    // detected at the end.
    $old_ipsec_enabled = ipsec_enabled();

    if ($this->loop_detected) {
        log_error("Disallowing CARP sync loop");
        return true;
    }

    /*
     * Some sections should just be copied and not merged or we end
     * up unable to sync the deletion of the last item in a section
     */
    $sync_full_sections = array('aliases', 'ca', 'cert', 'crl', 'dhcpd', 'dhcpv6', 'dnsmasq', 'filter', 'ipsec', 'load_balancer', 'nat', 'openvpn', 'schedules', 'unbound', 'wol');

    $syncd_full_sections = array();

    foreach ($sync_full_sections as $section) {
        if (!isset($sections[$section])) {
            continue;
        }

        // Replace the local section with the sender's copy and remove it from
        // $sections so the recursive merge below does not process it again.
        $config[$section] = $sections[$section];
        unset($sections[$section]);
        $syncd_full_sections[] = $section;
    }

    // Snapshot the local VIPs before the merge. $oldvips holds a signature
    // per CARP VIP and per stacked IP alias so unchanged ones can be skipped
    // later; $vipbackup holds local entries to put back after the merge.
    $vipbackup = array();
    $oldvips = array();
    if (isset($sections['virtualip']) && is_array($config['virtualip']['vip'])) {
        foreach ($config['virtualip']['vip'] as $vip) {
            if ($vip['mode'] == "carp") {
                // The signature is built from the fields compared again in
                // the re-apply loop; it is used for comparison only.
                $key = $vip['interface'] . "_vip" . $vip['vhid'];

                $oldvips[$key]['content'] = $vip['password'] . $vip['advskew'] . $vip['subnet'] . $vip['subnet_bits'] . $vip['advbase'];
                $oldvips[$key]['interface'] = $vip['interface'];
                $oldvips[$key]['subnet'] = $vip['subnet'];
            } else {
                if ($vip['mode'] == "ipalias" && (substr($vip['interface'], 0, 4) == '_vip' || strstr($vip['interface'], "lo0"))) {
                    // NOTE(review): aliases whose interface contains "lo0"
                    // are recorded here, but the re-apply loop below clears
                    // $oldvips entries only for aliases whose interface
                    // contains "_vip". An unchanged lo0 alias therefore looks
                    // like it stays in $oldvips and reaches the cleanup pass
                    // -- confirm that this is intended.
                    $oldvips[$vip['subnet']]['content'] = $vip['interface'] . $vip['subnet'] . $vip['subnet_bits'];
                    $oldvips[$vip['subnet']]['interface'] = $vip['interface'];
                    $oldvips[$vip['subnet']]['subnet'] = $vip['subnet'];
                } else {
                    // NOTE(review): && binds tighter than ||, so this reads as
                    // (mode test && not a _vip interface) || contains "lo0";
                    // the lo0 check applies whatever the mode is. Confirm the
                    // grouping is the intended one.
                    if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && !(substr($vip['interface'], 0, 4) == '_vip') || strstr($vip['interface'], "lo0")) {
                        $vipbackup[] = $vip;
                    }
                }
            }
        }
    }

    /* For vip section, first keep items sent from the master */
    $config = array_merge_recursive_unique($config, $sections);

    /*
     * Then add ipalias and proxyarp types already defined
     * on the backup
     */
    if (is_array($vipbackup) && !empty($vipbackup)) {
        if (!is_array($config['virtualip'])) {
            $config['virtualip'] = array();
        }
        if (!is_array($config['virtualip']['vip'])) {
            $config['virtualip']['vip'] = array();
        }
        foreach ($vipbackup as $vip) {
            array_unshift($config['virtualip']['vip'], $vip);
        }
    }

    /* Log what happened: only section names go into the message, never their contents */
    $mergedkeys = implode(",", array_merge(array_keys($sections), $syncd_full_sections));
    write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys));

    /*
     * The real work on handling the vips specially
     * This is a copy of interfaces_vips_configure with addition of
     * not reloading existing/not changed carps
     */
    if (isset($sections['virtualip']) && is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
        $carp_setuped = false;
        $anyproxyarp = false;

        foreach ($config['virtualip']['vip'] as $vip) {
            // Built for every VIP, although only the CARP branch uses this
            // form of the key; the ipalias branch overwrites it.
            $key = "{$vip['interface']}_vip{$vip['vhid']}";

            if ($vip['mode'] == "carp" && isset($oldvips[$key])) {
                if ($oldvips[$key]['content'] == $vip['password'] . $vip['advskew'] . $vip['subnet'] . $vip['subnet_bits'] . $vip['advbase'] && does_vip_exist($vip)) {
                    unset($oldvips[$key]);
                    /*
                     * Skip reconfiguring this vips
                     * since nothing has changed.
                     */
                    continue;
                }
            } elseif ($vip['mode'] == "ipalias" && strstr($vip['interface'], "_vip") && isset($oldvips[$vip['subnet']])) {
                $key = $vip['subnet'];
                if ($oldvips[$key]['content'] == $vip['interface'] . $vip['subnet'] . $vip['subnet_bits'] && does_vip_exist($vip)) {
                    unset($oldvips[$key]);
                    /*
                     * Skip reconfiguring this vips
                     * since nothing has changed.
                     */
                    continue;
                }
                // Changed alias: it is reconfigured below, so it must not be
                // removed by the cleanup pass.
                unset($oldvips[$key]);
            }

            switch ($vip['mode']) {
                case "proxyarp":
                    $anyproxyarp = true;
                    break;
                case "ipalias":
                    interface_ipalias_configure($vip);
                    break;
                case "carp":
                    $carp_setuped = true;
                    interface_carp_configure($vip);
                    break;
            }
        }

        /* Cleanup remaining old carps: whatever is still in $oldvips is removed from its interface */
        foreach ($oldvips as $oldvipar) {
            $oldvipif = get_real_interface($oldvipar['interface']);

            if (empty($oldvipif)) {
                continue;
            }

            if (is_ipaddrv6($oldvipar['subnet'])) {
                // Both values end up on a shell command line, hence the
                // escapeshellarg() on each.
                mwexec("/sbin/ifconfig " . escapeshellarg($oldvipif) . " inet6 " . escapeshellarg($oldvipar['subnet']) . " delete");
            } else {
                pfSense_interface_deladdress($oldvipif, $oldvipar['subnet']);
            }
        }

        if ($carp_setuped == true) {
            interfaces_sync_setup();
        }
        if ($anyproxyarp == true) {
            interface_proxyarp_configure();
        }
    }

    // Reconfigure IPsec only when the merge flipped its enabled state.
    if ($old_ipsec_enabled !== ipsec_enabled()) {
        vpn_ipsec_configure();
    }

    unset($old_config);

    return true;
}